sh00t2kill
OTP for my Account
Got the email. Since then, I don't have a password anymore. How can I log in?
We’re rolling out a One-Time Password (OTP) for the MyDolphin™ Plus app: a unique personalized code sent to you over email to log into the app.
Starting this week, you’ll need to use a OTP to access the app.
Here's how to switch to the new login:
Open the MyDolphin™ Plus app. Enter your email on the login screen. Check your inbox for an email from us with your personalized OTP. Enter the OTP into the app. A note about pairing your robot:
If you logged in with the same email as before, you’ll be able to use the app immediately - no pairing neededIf you logged in before with
- Bluetooth® connection OR Facebook, Google, or Apple, without providing Maytronics your current email
you’ll have to do the pairing again
Note: For the next year, you won’t have to log in with OTP again. Just open the MyDolphin+ App and enjoy your Dolphin.
To keep your account secure, you’ll be asked to refresh your login once every 12 months.
For now, since I don't have that issue, I cannot assist, will leave it open, Already contacted product dept. Of Maytronics to ask for more cooperation with us, They will get back to me after learning the details
I'm new to my dolphin plus. After setting up the app there is no password and I'm unable to setup this. Any tips?
I'm new to dolphin plus too, never had a password. The password less flow must be implemented so people can continue/start to use this integration.
If that flow must be implemented, you can either develop and contribute or wait for it
I used mitmproxy to reverse engineer the authentication request originally.
I get the feeling that maytronics have implemented this specifically to stop us, but let's hope not.
If any of the requesters have the know-how it would be super helpful if you could do the same abs reverse engineer the flow.
The app must be saving some sort of authentication token somewhere and using that in place of credentials.
Could be a dead end for the integration entirely.
Even if we manage to get it working, obtaining said token may require steps well beyond a normal user type thing.
I hope not, but I'm not feeling overly positive about the whole thing.
For those who have new accounts and no longer have a password; have you tried loading an older version of the app, and then resetting your password?
If the logic is to do once a year otp and then you get the token for a year, don't see a problem, We just need to find that endpoint and trigger it, But for now since i don't have that suth mechanism, i cannot investigate it, if you have the ability pls share how to trigger and what is the next step endpoint.
I don't think it has something with us, companies around the world are under constant cyber attacks, if a database of public company is getting exposed as result from that they are in deep s**t, to avoid it having an otp is much safer and much simpler to implement and maintain, Btw, i'm using roborock and their login is also otp, so i'm not concerned
Hey, just adding my support here. I just bought a Dolphin Active and I went straight to OTP authentication, no password. Unfortunately I can't code so I don't know how I can help restore this integration
@sh00t2kill can you post here how to install and configure mitmproxy so ppl with enough tech understanding, time and otp auth for mydolphin will have the ability to explain what are the endpoints involved in that process (trigger otp and authenticate using otp, extract token)?
There are a myriad of guides and howtos online.
This one looks pretty good. https://dev.to/sudo_overflow/reverse-engineering-a-private-api-with-mitm-proxy-20ia
Note that you can't do it on an Android phone, you need iOS due to how certificate's work on Android.
Having said that, I'd be very surprised if it's not still using aws cognito under the hood, so we can potentially just look up the python sdk docs.
Depends on what they are doing with the token that resulted from verifying the otp, I don't have any iOS device so we will need someone that will assist us with that
I have an iPhone, but a windows PC. Can I install mitmproxy on my windows machine and set the iPhone’s proxy to the windows machine’s IP? Would that get the date you would need?
A
On 15 Jun 2024, at 16:43, Elad Bar @.***> wrote:
Depends on what they are doing with the token that resulted from verifying the otp, I don't have any iOS device so we will need someone that will assist us with that
— Reply to this email directly, view it on GitHubhttps://github.com/sh00t2kill/dolphin-robot/issues/199#issuecomment-2169819443, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ALJBOV26SUUR6MEXJJDA3R3ZHRHILAVCNFSM6AAAAABI6I3ZY2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNRZHAYTSNBUGM. You are receiving this because you are subscribed to this thread.Message ID: @.***>
@Kapncanada @andreacoppini @alexandrezia and anyone else who reported not being able to connect HA to mydolphin due to not having a password -- please join the discord.
I have a potential work around to generate a password, but I would like a few people to try it before making it public.
I have also the problem to connect with HA
Join the discord, maybe we have a solution! https://discord.com/invite/A4WwEUrT
released beta version v1.0.16b0 with workaround.
as part of:
- setting up new integration for user with OTP
- For existing integration that stopped working due to OTP using the re-configure in integration space under devices & services -> intergation
Expected result
- Tick within the setup popup the "Reset account password (Workaround for OTP)"
- API call will be sent for the forgot password endpoint (which will restore the credentails mode instead of OTP)
- Process will reset your credentials in the form and will ask you to re-enter them,
- Complete forgot password flow according the MyDolphin flow
- Reentered in the form
- DON'T tick the reset account password checkbox
- Integration will perform full login and setup flow.
pls update how it works for you
thanks
Expected result
- Tick within the setup popup the "Reset account password (Workaround for OTP)"
- API call will be sent for the forgot password endpoint (which will restore the credentails mode instead of OTP)
- Process will reset your credentials in the form and will ask you to re-enter them,
- Complete forgot password flow according the MyDolphin flow
- Reentered in the form
- DON'T tick the reset account password checkbox
- Integration will perform full login and setup flow.
Sorry does not work for me.
I uninstall the 1.0.15 and reinstall the 1.0.16b The i have to reconfigure the new version. If i set the User and Passwort and the Checkbox - i get the new window so i can reenter the User and Passwort. But then nothing happens. -> Invalid server details And idea?
can you pls run it with debug logs and share the logs (if your email / password are in logs, remove them)
thanks
Status update None --> Failed to access API, Failed to send HTTP request, Endpoint: https://mbapp18.maytronics.com/api/users/ForgotPassword/, Method: POST, Error: 'NoneType' object has no attribute 'post', Line: 171 Status update Establishing connection to API --> Failed to access API, Failed to login into MyDolphin Plus service, Error: 'str' object has no attribute 'get', Line: 344
Logger: custom_components.mydolphin_plus.managers.rest_api Quelle: custom_components/mydolphin_plus/managers/rest_api.py:262 Integration: mydolphin_plus (Dokumentation, Probleme) Erstmals aufgetreten: 08:06:49 (8 Vorkommnisse) Zuletzt protokolliert: 08:21:27
Empty response of reset password
All i found
thanks for the log, found it - session (object for http calls) was not initialized, v1.0.16b1
pls redownload and try again thanks